Archatechs

Summer Hiatus

info@archatechs.com — 2007-06-28T11:58:11-04:00

Well, its that time of the year again. Its the time when the heat becomes so oppressive that nerds the world over seek the sunless confines of a basement and a stock pile of ice cold caffeinated and overly sugared beverages. We've let the boys from the lab scurry to shade and anonymity of LAN parties. In the mean time, we are still working on our 2.0 Again relaunch.

Remember, check back soon!

Straight From The Lab: The Lab!

info@archatechs.com — 2007-04-09T17:21:06-04:00

We love bringing you our guides to pimpin' your home. But from time to time we want to get really geeky...like under the hood geeky...like its 4:00am and you're rebuilding a RAID array and trying to compile your own linux kernel for the 5th time geeky. Ok, you get the point. At lot of that stuff just doesn't fit our goal of presenting technology that pimps out your home while dishing it out in a straight forward way. Thats why we are pleased to announce: The Lab. We've given the boys in the lab free run to post news, reviews, security updates, recipes for homemade Red Bull...anything their nerdy brains can come up with! Since The Lab is going to be a little rough around the edges we though let them start on our new servers. So go ahead and check out The Lab from Archatechs.

Archatechs 2.0...again?

info@archatechs.com — 2007-04-09T16:53:54-04:00

We cannot leave well enough alone apparently... if you want to keep tabs on the design of the new site, in real time (hey, we have no egos!) check out http://www.archatechs.com/a or just click here.

Don't worry you can still find the original blog here, including some of our most recent posts.

FLOSS - The Great Software Giveaway

FutureShow/BroadCatching - get your TV from the internet

info@archatechs.com — 2007-03-27T08:49:05-04:00

Notice a change? We hope not, but we have moved hosting companies. It may take up to 24-48 hours for things to get sorted out so we'll be hosting everything on both servers for a while.

If you are like us you have probably watched your cable bill skyrocket over the past few years. Sure having 867 channels is great, but are you really watching them all or are you just paying to watch 10 of them? Hey, if there is one thing we've established here at Archatechs, its that we are cheap! Thats why we are going to start a 3 part series we like to call: "FutureShows/BroadCatching" - our ultimate home IPTV solution. We are going to build on some of our past articles and really put our geek skills to the test. But in the end, we think we've got a pretty nifty, and very nerdy setup! If you stay tuned for all three parts we'll show you how you can send your cable company packing and watch everything you ever wanted on your TV. We'll even show you how to get free HD over the airwaves.

Before we jump right in, we are going to build upon our Ultimate Home Network (part 1, part 2 and part 3) as well as our guide to network storage, Its Raining Bits.

One more important, albeit painful note: please consult your local, state and national laws prior to downloading copyrighted material. It is our intent that this guide will be used to download freely available material that you have the legal rights to download. You should also consult the terms of service of your internet provider. Archatechs is not responsible for any laws you may violate while attempting this project. We hate to say it, but if you aren't comfortable with that, surf on over to somewhere else....

First- and probably always your first question around here- what the heck are we talking about? We've already tossed out a lot of terms (broadcatching, IPTV, etc...) but what do they mean? Well in the broadest sense we are talking about downloading entertainment from the internet. Our solution is a 2 parter, we are going to look at a server that will automatically scour the internet for shows and download them straight to our NAS (network storage). Then we'll show you how a Mac Mini with some open source software makes a very powerful home theater PC for about $550.00. When its all down, you'll be able to sit in front of your TV, pull up a TiVo-like interface with your remote control and veg out to all kinds of great content!

The legwork...
To get started we need a place to store all these video files. Since we are going to assume you were a good geek and followed Raining Bits, we are going to focus on FreeNAS, but you should be able to use any NAS system and follow along. On average, an hour of TV at HD (or near HD) resolution will clock in anywhere between 700mb and 1gb. That means, depending on how many shows you download and keep you'll need at least a few gigabytes free. More than likely you'll want to carve out a large chunk of your network drive. We are using about one terabyte now (thats 1,000 gigabytes remember) here in the lab and that allows us to store about 85 feature length movies and multiple seasons of about 43 shows... thats somethin' to shake a stick at! You'll also want to enable windows file sharing (sometimes called SMB or CIFS) on your NAS server. If you are using FreeNAS from our Its Raining Bits project, Windows sharing is built right in. In FreeNAS we created a new shared directory on our RAID setup called "FutureShow". Depending on your setup, you may also need to create a special user. We added a user called "broadcatcher" and gave that user full access to FutureShow. We created another user called "broadwatcher" with read-only access.

Torrents and Torrents of Data
Unless you've had your proverbial head in the anecdotal sand, you've probably heard of BitTorrent. As a quick refresher, BitTorrent is a technology that allows people to share files in a pretty unique way. Now we know, you hear "file sharing" and conjure images of Napster and the FBI dragging college students to the gallows. We know that BitTorrent may also have nefarious uses, but it can also be used legally and responsibly. BitTorrent is pretty slick, it allows users to share files in pieces. Lets say you were going to share a text file of the Bill of Rights. As soon as you connect to other users you start getting bits and pieces. For instance you may get "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances." Well, almost instantly you can give someone else "Congress shall make no law respecting an establishment of religion" while you continue to download "No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law."

So, as you download bits and pieces, you start sharing those bits and pieces with other users. In the end, once you have the whole Bill of Rights file, you can help other people fill in the gaps in their file. The very geeky readers out there have already surmised that this means two-way traffic. Its a way that everyone can help everyone else. Doesn't sound legit? Try this on, Apple has suggested they may include BitTorrent technology with their next version of OS X. The founders of BitTorrent have even been in talks with the movie studios to develop a way to disseminate movies online legally.

Tools of the "trade"...
We here at ArchatechsAir know that you have many choices when it comes to sending your bits flying across the internet. Thats why we'd like to thank you for choosing Azureus as your bittorrent client. Azureus is an amazingly flexible open source client. Its available for Windows, Linux and OS X. If you checked out our post on open source software (The Great Archatechs Software Giveaway) you know what fanatics we are for free and open source software. What we love about Azureus besides its 'open sourceness' is that there are a host of plugins available to make it even more robust. One that we are going to focus on allows you to scan RSS feeds (stay tuned, we'll explain) to automatically download shows. Azureus can also run "headless", as in like a server with out a monitor. You can control it remotely via a web interface.

What's this business about RSS? RSS (or Really Simple Syndication) was started as way to quickly gather, or "aggregate" information from multiple websites in a central place. Thunderbird, our favorite open source email client has RSS capabilities. You can also use online tools like Google's customized start page. One popular use is to catch up on news, blogs and other sites quickly from a central place. If you want to give RSS a try, just click here.

RSS has some other nice uses too, like allowing an application to keep tabs on web sites for new files. Thats exactly what we are going to do with the RSS Feed Scanner for Azureus. We are going to give Azureus some RSS links, which it will scan periodically and search for your favorite shows, then automatically add them to its list of things to download.

The big picture...
Starting to sound a little like TiVo? Thats the goal! Once you've gotten Azureus downloaded and installed for your operating system, its time to load the RSS Feed Scanner Plugin. Fortunately, Azureus includes a really simple interface that makes downloading and installing plugins a snap.

* start by clicking the Azureus menu and selecting Plugins
* next scroll through the list to find the RSS Feed Scanner Plugin
Pasted Graphic 1
* select the RSS Feed Scanner plugin and click next
Pasted Graphic
* you can install it for all users, or just you

Now comes the fun part, we need to configure both Azureus and the RSS Feed Scanner. Lets start with Azureus. Essential to the concept of BitTorrent is that you help spread the wealth. Remember our Bill of Rights example? As soon as you have a part of the file you can share that part with others that don't have it. Since we are talking about two-way traffic then that means opening ports on your NAT router. If you haven't already done so, check out Part 2 of Our Ultimate Home Network for more info. Azureus wants to use a random port, so check in the settings to which which port your copy has elected to use. You can always change it if you prefer something else.

Feed the need...
With Azureus setup and good to go, its time to tackle the RSS feeds that the Feed Scanner plugin will monitor. You have lots of options for sources and we are happy to list a few here, just remember to make sure you are complying with your local state and federal laws. We've said it once and we'll say it again, the boys in the lab don't get out much. As a result they love their TV. One of their favorite sites is TVtorrents. TVtorrents is among the more communal of the sites and requires that you actively upload as you download. Since we opened the ports on our router that shouldn't be a problem. As you upload you gain credits that are applied to you downloads. Even if you download a lot more than you upload you should remain in the clear. We've arranged for the first 10 people who post a comment on this post to get started with some free credits. Another popular site is TVrss. TVrss is more of an aggregator of aggregators. Translated from geekspeak, it scours other sites and reproduces a list of links. Both TVtorrents and TVrss allow you to create custom feeds for your favorite shows. Finally, most video blogs and video podcasts have their own RSS feeds available as well. For the sake of our examples we are going to look at TVtorrents and the podcast Diggnation.

Its time to gather the feeds. With whichever site you have chosen to use, you'll need to get a link to the RSS feed that will supply you with shows. With TVtorrents scroll about half way down the screen and click on RSS Feeds in the left-hand menu. TVrss.net works a little differently. You can either get a feed for a specific show or a combined feed of all shows. Since we'll be asking Azureus to sort the feeds for us its a lot easier to get the combined feed (here's a link). For those of you mouse-types, in most web browsers you can right-click on a link (control+click for you mac users) and select 'copy link location' from the pop-up menu. That will place a copy of the URL in your clipboard.

Meanwhile, back in Azureus its time to add the feeds. Select the RSS Feed Scanner from the Plugins Menu.

Next, we need to add the feed. Click on the green plus next to the upper left-hand box. That should allow you to fill in the fields on the left. Our first order of business is to paste in the RSS feed we copied from the web. Click in the URL field and then selected the Edit menu, now click paste. Its that easy! From here we can also specify some other options. For now simply give your feed a name, we used "Diggnation" for the diggnation feed and then click the 'enabled' check box. Click save and you are done.

Season Pass....
Is a trademarked term from TiVo, so we cannot use it to describe filters. But a filter is a way of telling Azureus which shows from a RSS feed youd like to have, and where you'd like to store them. Its easy enough to create filters manually, but Azureus offers a little help in this department. After adding your first feed, click the Status tab. That will take you back to the main screen for the RSS Feed Scanner. From here you should see your new feed, along with a plus sign to the left. Click that plus sign and you'll see all the past shows and episodes that your feed contains. We are going to pick any episode/show near the top of the list and right-click on it. From the pop-up menu, select Create Filter.

That should take your right back to the Options screen of the RSS Feed Scanner. The good news is that Azureus has taken care of some of the work for us. The bad news is that we still need to make some changes, and these can be tricky. Filters can do their magic filtering two ways. The first is by simply scanning the title and description for the keywords you type. So if you wanted to get, say... House, M.D. you might type in 'house' as your filter. That way you'll get all the shows called 'house'. But if your feed contains Desperate Housewives, for example, the filter is also going to find a match there. A little playing and some patients will help you get it just right. Another way you can search for a match is using something called 'regular expressions' ('re' in nerd speak). We are going to leave re to the pros, but when you use the 'create filter' menu, Azureus does default to using regular expressions. Feel free to play around a bit, you may find they work just well however Azureus creates them. But, you may also have to do a little editing. For example, when we created a feed for Diggnation, it puts the entire episode title into the Filter field. We just deleted everything but the word 'diggnation'. If you don't want to play with regular expressions, remember to uncheck that box too. One of the other beauties of filters is that they allow you to put different shows into different folders. Finally, you can also let Azureus manage episode histories for you too. Only want shows from the 4th season? Just fill in 4 in the season box, Azureus will start there and count up- it will also remember shows its already downloaded. Click save, and you are done with your first filter!

If everything went according to plan, you should be able to see your shows downloading almost right away. Each RSS feed has a setting for how often its reloaded and checked for shows. While Azureus will let you override the setting, its best to respect the website and server you are pulling the feed from. Diggnation's feed seemed to be set to 12 minutes. After about 11 minutes from creating our feed, we were able to click back on the main Azureus tab and like magic, there was the latest episode downloading.

Wow! Time for a breather. To recap, we were able to to find special web site pointers that listed all of our favorite shows. We used the very powerful Azureus software and its RSS Feed Scanner plugin to setup filters to automatically download the shows for us. That leaves us with just one more step. This has already been a pretty geeked-out project. But, for those of you who want to take it to the next level, hold on tight. If you are using a large shared network drive, like our NAS project, then you will probably want to store your video files there. You can, of course, run Azureus on any computer, mount that network drive and tell Azureus to put the files there. On the other hand, why not run Azureus right on your NAS box. Our NAS project used FreeNAS, which really is designed to be a NAS only. However, it is posable to use any Linux machine as a NAS server. We are going to go ahead and assume that if that is your inclination then you won't need us to explain it. But one trick we love is running Azureus in 'headless' mode. That means it doesnt need a monitor attached to the computer on which its running. The first step is to download and install the Swing Web Plugin. Follow the same steps we used for the RSS Feed Scanner and look for Swing Web Interface. Once its installed, you can point your web browser to http://:6883 (thats port 6883) and you should see something that looks very familiar. The last step is to launch Azureus without the graphical interface running on the remote computer. For that, we've used a snippet of code we found. Just copy and paste this into a file called azureusd.pl and make it executable. (again, we aren't going into details, but if you want to know more, just drop us a line!)

#!/usr/bin/perluse POSIX 'setsid';open STDIN, "/dev/null";open STDOUT,">/dev/null";open STDERR,">/dev/null";exit if fork > 0;setsid;exec("java -jar Azureus2.jar --ui=console");

Thats it for Part 1 of FutureShow/BroadCatching. If you've followed us through the nerdy tangle that is BroadCatching then you are more than half way there. We'll be back soon with our follow up. We've got a great, and low cost way to use a Mac Mini as a dynamite home theater system using the content that you are now BroadCatching. We are going to pare some Open Source software with a great remote control app and you'll wonder how you ever paid the cable company your hard earned cash.

Remember, the first ten comments will get TVtorrent.com invites, so keep up coming!

-ND

FLOSS - The Great Software Giveaway

info@archatechs.com — 2007-03-01T21:47:05-05:00

Here we go again, back to business. Hopefully no one was too offended by our iToilet project. This time around we have a doozie of a list for you. The best part is that everything we are going to talk about today is 100% free...as in beer or speech.

Welcome to the Great Archatechs Software Giveaway! Ok, maybe thats a little presumptuous. Today we are going to try and regain a little composure and talk about free, libre and open source software (FLOSS). 'Open source' refers to any application, or snippet of code (we are talking about the 1's and 0's that make things tick), that is made publicly available. By contrast, with closed source software the general public does not have access to view the code.

You know Bismark's old axiom about laws and sausages? Well to many of us it applies to computer applications too. That is, we don't really want to tinker with the source code per se. So you are asking: “why then do I care about the source code?” Well, one typical advantage to open source software is that since anyone (by whom we mean the boys in the lab) can download the code, they can assemble it them selves and thus have a working, free application. Still not totally with me?

Ok, back to the sausage analogy. Imagine going to your local fresh organic market. You mosey past the meat counter and something amazing catches your eye: racks and racks of fresh sausage... Spicy Italian sausage, bratwurst, chicken and blueberry (hey, know our sausage, trust us!), Spanish chorizo, the choices are endless. So you buy some sausage and take it home. At this point you have no idea what is actually inside that sausage- and you are ok with that because it sure does taste good (braised in a nice tomato sauce). But what if you wanted to make a dish that required ground sausage, rather than those nice links you bought? Imagine standing poised over your chopping block with a sharp knife ready to bisect the link and scoop out the porcine goodness when, all of the sudden, the Sausage Police burst through the door! Quelle Horreur! What is this heinous crime against ground pork that you've committed? Well apparently the good people over at MicroSausage are ok with you buying the sausage and cooking it whole, but they don't much care for you dissecting it and using it in other recipes.

Fortunately for us there is a solution. Long before MicroSausage dominated the market with their popular Maple and Hickory Smoked Links (sorry, we at Archatechs get a little carried away with food analogies sometimes) some die-hard inventors of the original sausage grinder decided that porky pickings should always be free to all mankind. The result? They published their recipe for the entire world to use. They just ask that if you make a new recipe using their sausage that you give credit where credit is due.

By now you are either ordering Italian takeout or completely lost. What on Earth does sausage have to do with geeking out? Well when sausage becomes software it has a lot to do with it. Open source software means that not only are the applications (usually) free but that they are community supported. That means anyone is free to use the application or modify it to suit their needs (provided they give credit to the original source). Here at Archatechs we are big believers in FLOS (Free Libre and Open Source) Software- in fact we've highlighted several of our favorite FLOSS projects in the past. [Just take a look at: Its Raining Bits, the Ultimate Home Network part 2, and Trixbox.] Chances are, even if you haven't tried one of our projects that you interact with FLOS software every day. Ever visit Amazon.com? Amazon is running the free and open source web server Apache. Got a cell phone that plays games? There is a good bet that it runs software called Java to do so. Apple's operating system, OS X, is chock full of FLOS software under the hood.

While we'd love to extol the virtues of open source and wax fondly about the community nature of its development, perhaps the best way to get people on board is to get them using some open source apps. So, here is our list. One thing you may note is that since the source code (remember, talking uber nerd programing languages here) is publicly available that anyone can download it and make a version of the application. That means, for almost every operating system (Windows, Linux, OS X, FreeBSD and more) the work has been done for you; just download and install. It also means that almost all of these applications have versions for almost every major operating system.

Oh, just one more note before we dig in. FLOS software is supported by its users and community. Support can come in may ways. The most obvious way to support a project is through a monetary donation, but what many leaders in the open source community will tell you is that simply spreading the word is just as valuable. Since open source projects tend to have a limited budget, we have to do the marketing for them. So, if you do have an application on this list that you really enjoy, please share it with a friend, in fact share the whole list with a friend!

Presenting the Archatechs Great Software Giveaway....er...something

Firefox – Web Browser

Chances are this will be one of the most familiar open source projects to any reader. Firefox has become the fastest growing web browser on the market and is quickly taking marketshare from all corners of the tech world. Firefox is not only faster than many of its competitors (such as Internet Explorer), but in many ways its safer too. So many people equate that familiar blue “e” on their desktop with the Internet itself; but once you try Firefox you'll never look at the “e” the same way again. If you pick just one new FLOS app to try, make it Firefox. (and if you do make it Firefox, do us a favor and follow one of the ads on our site.)

OpenOffice – Office Suite

Did you know that all Archatechs articles are written with free software? OpenOffice is a complete office suite of applications including a word processor, spreadsheet, presentation application and more. OpenOffice can read and write almost anything that Microsoft Office can. And, since it runs on Windows, Linux and Macintosh computers, and uses an 'open' document format you will never worry about file formats again. In fact, you can even open, edit and save PDF files. You'll wonder why you ever paid $200 or more for software again!

Thunderbird – E-mail reader

From the makers of Firefox, Thunderbird is a fast and reliable email reader. From accessing your Google Mail account to checking any other account, Thunderbird is very capable. What it lacks in a stunning user interface it makes up for in speed and reliability. Thunderbird also has a much smaller “memory footprint” than Outlook (thats nerd-talk for: it won't slow down your computer). Thunderbird can also subscribe to RSS feeds. RSS is a technology that lets you catch up on headlines, your favorite blogs and more all with out opening your web browser. Want to give it a try? Just download Thunderbird and click here to scribe to the Archatechs RSS feed.

VLC – Multimedia Player

VLC will be at the center of our next project (“Send your Cable Company Packing”). VLC can play anything! Ever downloaded a video file only to have problems playing it? Ever feel like just opening Windows Media Player takes 5 minutes? For the Mac users out there, you probably know the hurdles you have to jump through to open Windows Video files (.wmv). Never worry again, VLC will open it! VLC is small and lightweight and its fully self contained. That means you'll never have to download a 'codec' to play a new video format- they are all built in! VLC can even play High Definition video and Dolby Digital audio. VLC can also play DVD movies so you won't have to shell out for playback software on your new laptop. VLC can even convert files from one format to another, or stream them over the Internet to another computer.

ClamAV, ClamWin and ClamAVX – Virus Scanners

The ClamAV projects and its variants for Windows and OS X are free virus scanners. Our more nerdly readers my be chuckling right now, thats because they are questioning why we'd even mention a virus scanner for Linux or OS X. Well, its because they make it....and some of us are the belt and suspenders type. For you windows users you probably aren't laughing because you know what a reality viruses are (yep, viri is not a word) . If you are running windows you simply must have a virus scanner and why shell out for Norton and its subscription service when you can get the power of ClamWin for free?

Sunbird – Calendar

This is another application from the Firefox folks. Sunbird, like Thunderbird,is a little on the sparse side when it comes to its user interface, but it does work well. Use it stand alone to keep track of your important dates or connect to a calendar server like Google Calendars or Zimbra. If you want a more integrated feel, simply download Lightening- its a plug in for Thunderbird that integrates Sunbird's calendar features with the email reader.

The G.I.M.P - photo and graphics tool

While The Gimp is not quite a Photoshop killer (although some might argue otherwise) it is a very powerful and capable image manipulation tool. The Gimp can do almost anything photoshop can do and all without the $600 price tag. Recently some more user friendly variants have popped up including GimpShop where the user interface was re-designed to mimic Photoshop.

Audacity – Audio recording and processing

Looking to make your first podcast? Try Audacity and start recarding professional-sounding shows right away. Audacity also makes a great multi-track recorder for those musicians out there.

Samba – connect to windows file sharing

We debated about including this in our list. Downloading and Installing Samba (for non-windows computers only, windows has the functionality built in) is not trivial. However, we thought it was worth a mention. A version of Samba already ships with OS X and most flavors of Linux. Its what allows you to see, browse and share files with Windows computers and servers. While we arn't going to get into the details now, look for samba to play a role in our next project.

Truecrypt – File Encryption

Truecrypt is a bitter-sweet topic for many of us. Sadly, Truecrypt is currently a windows-only application. Nevertheless its really amazing. Truecrypt allows you to encrypt files and data in a number of ways. Lets put it this way, with Truecrypt you can protect your sensitive files from even the most prying eyes, period. Truecrypt is so flexible and powerful that Leo Laport and Steve Gibson dedicated an entire episode of Security Now to it. Have a listen here.

Songbird – Music Player

Songbird is a great example of how open source can work. Tired of closed source applications like Windows Media Player and iTunes, Songbird's creators set out to build their own tool. Rather than start from scratch they took a look at other projects to see what they could borrow. It turns out the Firefox, the open source web browser, already had a great platform for its user interface. With the 'mozilla engine' in tow, they were able to write a great music library and player based on a web browser's code! One thing that bums us out though, songs purchased with DRM (digital rights management, like from iTunes or the Zune Market Place) won't be playable in Songbird.

Trixbox – a complete telephone (PBX) system

We are headed back to our roots here. What would a list of open source software be with out a mention of our favorite project. Trixbox is a downloadable CD that you put in an old PC. Once you reboot it installs it self and in less than an hour your have a complete telephone system. With Trixbox you can take control of your communications and reduce you phone bill to just dollars a month (it makes a great answering machine too). For more information, head over to NerdVittles.com.

While this is clearly not a complete list, we hope its enough to whet your appetite. We've tried to provide free examples of free, open source software that satisfies almost every home user's needs. With tools like OpenOffice, Firefox and Thunderbird you can take back your desktop. For multimedia enthusiasts, make sure to check out VLC, The Gimp and Songbird. If you are on windows, you owe it to yourself to be running ClamWin. Remember that news story about those stolen laptops with sensitive customer data? Truecrypt would have solved that problem! What are you waiting for? Try some of our favorite FLOS apps today. And please remember, if you like them then ask how you can help. Most of these projects have pages on their website dedicate to ways you can assist, and it doesn't have to cost you a dime!

Oh, in case you are wondering, how does someone write the worlds most used web server and give it away for free? When companies like Amazon, Ebay and Apple come calling, they also ask “how can we help?” In exchange for large contributions of time, money and man power, they frequently get top pick of bugs that get fixed in the next release. So next time you fire up Amazon, you aren't just shopping, but you are supporting programmers and free software all over the world and when that happens, we all benefit!

Be sure to check back soon for Send Your Cable Company Packing – broadcasting and our ultimate home theater PC.

going down the tubes - presenting the iToilet

info@archatechs.com — 2007-02-23T11:12:06-05:00

UPDATE: we are having problems with our Canon Rebel Digital SLR at the moment. Check back very soon for more and improved pictures!

Wow have we been busy! Well, by we, I mean me and by busy I mean 'swamped at work'. While its pained me to neglect the site I have to keep doing what keeps the bills paid.

The good news is that we are back. This time I'm going to drop the rest of the Archatechs team and highlight a little project that I've been been working on myself. This one isn't the most practical of our guides, maybe not even the most mature, but I got a kick out of it! And, maybe in the end its a great way to highlight the culmination of what you can do when you've built the ultimate home network or our NAS storage system; Hell, we've even thrown in VoIP and a touch screen.

What is this amalgamation of tech wizardry, this concofination of nerdly delights?

Ladies and Gentlemen (really mostly the gentlemen, I think) I proudly present:
The iToilet

Yeah I said it, the iToilet. The iToilet is the geeky culmination of all things... awww who are we kidding. This one is just plain fun! Take an old Mac, a touch screen panel, some cat 5 cable, maybe a Cisco VoIP phone then toss in a dash of a 2 terabyte NAS chock full of audio and video, toss in a flashy front end and a DirecTV receiver and you have your very own iToilet.

Viewing the iToilet from the the doorway
Like I said, we've given the boys in the lab some much needed time off. I'm excited to spend some one-on-one time with you reader. Here's the best part, if you've followed our Ultimate Home Network (Part 1 Part 2 and Part 3), our guide to Whole House Audio and Its Raining Bits then then you have all the basics for building your own iToilet.

What the duce?

Here's the details, probably with more color photos than you'd prefer. I've started with our Ultimate Home Network. We have been remodeling our home for about three years now. The best part about a do-it-yourself job is the freedom to run copious amounts of cat 5 cable through walls and between floors.

The end result is the iToilet. I've taken an older mac and turned it into our uber throne entertainment system. So, sit down, touch the screen, turn the knob, and hold on. With iToilet.net you can check the weather, watch the news, make a phone call, maybe even surf over to Archatechs....just spare us the video conference!

To get started we had to wire the infrastructure. In this case, to save space and maximize bandwidth, we used about ten feet of fiber between our server room (by which I mean laundry room with servers in it) redundant server room (by which I mean my closet with more techno gear). Why fiber? Haven't you been reading? We do these things because we are geeks- right people? My little geek corner of my closet is home to a sixteen port switch, two wireless access points (one for the public wifi and one for the WPA2 protected private), and two DirectTV recievers – as well as various audio / video gear. The best part, if there is one, about an 'A frame' roof is the ability to go up and over with cables. From the closet-turned-server-room it was east to run everything via cat 5 to a crawl space on the other side of the room.

Up and over the new bathroom- be sure to check out the shower extension of iToilet below- brings the cables to another crawlspace. Lucky for us, Leviton, our favorite brand of cat 5 jacks and plates also makes great s-video and RCA jacks that also fit into the QuickPort series. The best part of the Leviton jacks is that they can all use cat 5 to carry audio / video signals. One cat 5 cable has 8 wires burred inside. Two audio channels (thats left and right) takes four wires. That leaves four more for s-video, that makes cat 5 perfect – one cable for audio and video. Now, I hear you audiophiles out there: “we only run audio over single-strand silver cables with gold plated ends.” Yeah, but this is a 7” touch screen in my crapper! That one cat 5, terminating with two RCA jacks and one s-video on each end, takes care of our A/V needs. In the media roo...I mean my closet, I've connected things to the spare low-def port on a an older DirecTV receiver. On the other end, I've got a nice Leviton faceplate and a Lilliput 7” touch screen monitor.

wiring closet

Where's the beef?

I know what you are saying, 'cool you have a TV in your bathroom, big whoop...” Well it doesn't end there. The heart of iToilet is really the old iMac in the crawlspace (how many people get to say that often?). Balancing...ahhumm...mounting the iMac in the crawlspace was quite easy. I used a long flexible drill bit (just like we used for the Ultimate Home Network Part 1) to run the special rounded usb / vga cable through the wall. In addition to the audio / video cat 5 I pulled, I also ran two other cat 5 cables. Both of which start at the switch in the closet. One of the two data lines terminates at the iMac – its what gives the iMac its connection. The second connection is run to different low voltage junction box and ultimately a Cisco VoIP phone (remember that early Asterisk article?).

The Bathroom Attendant

With all the connections made it was time to focus on the front end. Though I have a soft spot in my heart for the PowerPC chip and all flavors of Linux that run on it, OS X was the clear choice here. After searching around the mp3car.com forums I found AMP (read more here). AMP is an amazingly well designed frontend for OS X. Imagine FrontRow for touch screens...its perfect for iToilet. With AMP loaded, all I needed was that extra special touch. That's when I dusted off a Griffen PowerMate that had been collecting dust in my office. With the Griffen software it was easy to make AMP scream. From one touch screen I can watch videos from our NAS server, I can make a call using our VoIP server or even play iTunes in any room in the house (remember, check out the shower extension below). Of course, its only possible through our ultimate home network!

The iToilet running AMP

view from the thone

Griffin PowerMate

The AMP interface

Yep, thats a marine speaker mounted in the shower!

Wiping Up

As you can see, we've taken the basics of all our 2006 articles and we've started 2007 with a bang... I mean drop in the bucket..i mean bust...well you get the idea.

Best of all, the iToilet runs its own Apache web server, check it out at theiToilet.com !

See all of the iToilet and other Archatechs pictures at Flickr

We're back!

info@archatechs.com — 2006-11-07T14:30:14-05:00

Did you miss us? We have been on hiatus lately, focusing on some projects as well as our day jobs. But don't worry! We have a lot of good info in the pipeline and we'll be back with some new stuff very soon.

In the meantime, take a look at some of our past articles:
Raining Bits - Build your own NAS

Pimpin Ain't Easy - the ultimate home network part 1 part 2 and part 3

Our Ultimate WiFi iTunes Remote

Whole House Audio

Announcing the Archatechs Podcast, Contest and Store

info@archatechs.com — 2006-08-09T11:12:05-04:00

Announcing the Archatchs Podcast
Just one problem...we need a name!

Just submit your suggestions for a name over in the forums and if we pick yours, you'll win cool stuff.
How great is that? We don't know just what you'll win, but it will be something geeky!
While you are in the forums, submit a question and we'll try and answer it on the show. Anything from Audio to VoIP, we love it all!

We've also opened a store where you can buy gear to pimp you, your car and your home.

Its Raining Bits - Build your own network attached storage part 1

info@archatechs.com — 2006-08-03T18:10:29-04:00

Extra Extra
Get 'em while they are hot!
Seagate 300gb Drives for $90
Seagate 400gb drives for $200
$500 GB drives fro $257!
A whole list of inexpensive drives from Newegg

Hey there fellow geek, welcome back! We got one so big for you this week! Well, ok, it could be small, but the idea is BIG. We are talking about big storage, lots of it. More data than you can shake a stick at. Some of you may be able to remember a when nerds could carry just about everything they needed on a 1.4 megabyte diskette. We dug through the Archatechs Museum of Nerdom and found a 20 megabyte hard drive. When we could finally put an entire gigabyte on a computer we thought: "surely this is enough storage to last us for ever, we'll never need more." Oh what naive geeks we were. We bet most of you have a more realist idea of storage. There was a time when people laughed when you said "hey, I'm going to put all of my CDs on my computer!" Then the movie industry said: "no one will ever have enough storage to copy DVDs to their computers..." But you know better. There just one problem, where do you fit all those bits and bytes?

Least we forget, remember to check out the new Technopimpin' forums!

Let us introduce you to FreeNAS, a simple way to create your own Network Attached Storage server.

This go-round we are going to delve into building your own FreeNAS server and why you'd want to do such a thing. We've been saying for a long time that its increasingly common to have multiple computers in the house. With Network Attached Storage you can easily shared folders, or volumes, that every device on your network can see and use. With computers shipping with 250 gigabyte hard drives, its pretty safe that say that you can fit your entire music library on one computer. But what if you want to share those files with other computers? Better yet, what if you want to put your video collection online? Its not as crazy as you think. DVDs are easy to scratch (we know, we tried to watch a 5 year old copy of Tron recently that had more scratches than a 82 Chevy Nova). An online video library means you can also watch movies anywhere in your house. Just grab a Mac Mini, hook it up to your HD TV and connect it to your NAS server. You've got instant access to all of your DVDs. Another great use for NAS is just keeping files in a central location. Want to share a document, throw it on your NAS box. Finally, and this may be our favorite reason, you can use it to back up files! Go ahead, raise your hands if you haven't backed up lately...its ok, we won't look...ok we lied, we looked and caught you. Nothing is worse than loading 25 or more blank CDs into your computer to back up, we know why you don't do it. The bad news is, all it takes is one virus, one bolt of lightening, one trip to public hotspot and your data is gone for good. So, got the picture? Lets build a FreeNAS sever.

What you'll need:
A FreeNAS CD - downloaded from FreeNAS's site and burnt using your favorite burning software.
A old PC - a $70 clunker from Ebay will do. We know people who like stuff like these too.
Hard Drives - We'll get into this in detail. Chances are you'll want more than one. Read on...
Hard Drive Controller Card - optional, depending on how many drives the old PC you are using supports.
Gigabit network card - this is optional but will improve your speeds if you have the network to support it.

We expect the total cost of a FreeNAS solution to run anywhere from $100 to $1,000.00 depending on how much storage you want.
But here's the good news. The popular brands of NAS with 1 terabyte (thats 1,000 Gigabytes) runs about $1,000.00. You can build one with FreeNAS for about $400.00! If you don't need a terabyte you can certainly spend a lot less.

While the ability to share files has been built into almost every major operating system since Windows For Workgroups (big nerd high-five for those unfortunate enough to remember that one!), file sharing at home has never worked quite as well as in a corporate setting. One of the main reasons shared folders on your office network work so well is DNS, or domain name service. We talked a little about DNS when we covered IPcop in part 2 of Pimpin Aint Easy. Think of it like that cocktail party you went to where you knew faces but not names. You could shake hands, but you'd be hard pressed to say "Hey Joe, been a long time". Well computers on your home network are the same way. That means if you want to access files from the office computer on your wireless laptop, you have to know that IP address of the office computer. You also have to know a username and password on that computer to access those files. FreeNAS means you only have to remember one IP address, and we'll even show you a trick to assign it a real name. FreeNAS also allows you to manage users and access privileges in one place. For the those of you with true geek souls, stay tuned for our next article: One Password to Rule then All, we'll cover a network directory server for even more user and password goodness.

One last note before we dig in: FreeNAS does a great job once its up and running, but the install process leaves a little to be desired. Its a little tricky, but we are going to try and walk you through it. You may have to play around a bit until you get the set-up just right. While we aren't going to get under the hood and do anything too techy, a even a novice linux skill set will help you a lot with this one. Go a head, give it a try...we promise its not tooooooo hard.

Lets get started. First, download the FreeNAS ISO from this site. Once you have it downloaded you'll need to burn it to a CD. That's not as simple as copying the downloaded file to a disk. We have to take that ISO file, which is like a freeze-dried CD, and reconstitute it. On the Mac you can use Disk Utility, located in your utilities folder. Just select Open ISO from the file menu and then click burn. On windows most popular burning software will take care of ISOs. We like Nero but UltraISO is an inexpensive alternative. Before we can load up FreeNAS we have to make some choices.

First, what is your goal for network storage? NAS can work in a few ways. In its most basic 'mode' you have one hard disk. FreeNAS divides that disk two or more partitions, or virtual disks. The first, and smallest partition is used to hold the actual FreeNAS software- its the brains that makes the whole thing tick. The rest of the drive is used for storage of your files. Another option is to use more than one drive to create one large "virtual drive". In that example you will need a 3rd drive or USB key to hold the FreeNAS software since it cannot live on disks being spanned (creating one large disk). Since FreeNAS only takes about 100mb, you can probaly use the existing drive in the old clunker you bought. If that is not an option, look for a 128mb USB key, they run about $20 in most stores. The final (at least that we'll cover) way to use FreeNAS is for those of you who are truly paranoid about losing data. In this mode you take two or more drives of the same size and treat them all like one hard drive. The difference is rather than creating a large virtual disk, the drives are not "spanned" but "mirrored" So if you put in two 300gb drives then FreeNAS creates a 300gb volume for you. However it will make copies of everything to each disk in the array. That benefit is, if one of the disks breaks or fails, then your data is still safe on the other disks. Think about it like built in backup.

Each of these scenarios represents a type of something us nerds call RAID. RAID, or Redundant Array of Inexpensive Disks, is a way to take advantage of more than one hard drive to provide storage the way you want it. In our examples above using two or more drives to create one large virtual drive is called RAID 0. If you want to use 2 disks of the same size to create a copy on each hard drive, then you would use RAID 1. But wait, it gets better. There is another type of RAID we can use called RAID 5. With RAID 5 you can use (at a minimum) three disks to create a volume that is both redundant and spans the data. It offers some of the best of both worlds. With RAID 5 any single disk can fail and you can re-create it's data by adding a new disk into the array. RAID 5 gets a little tricky to understand. If you want to learn more, check out this article from The Wikipedia. All of you readers may wish to play with RAIDcalc, a web site that helps illustrate different configurations. One last note about Raid 5: You may actually be able to get more "bang for your buck". For instance, the going rate (at the time of writing) for a 500gb drive is about $275. You can slap two of those bad boys in your FreeNAS box and use RAID 0 and get a terabyte drive. For About $600 you have made something that retails for $1,000.00. But, if we use five 250 GB drives, about $80 a pop, with RAID 5 you do the same thing for about $500 (Including $70 for your old clunker). The best part, even those expensive $1,000.00 devices don't offer the redundancy of RAID5! Play around with RAIDcal and determine what works best for your budget.

Oh, one more thing. Most PC can handle only 4 drives. For about $35 you can pick up a hard drive controller card that will support two or four more drives, depending on the card. Thats just one more reason to use a USB thumb drive to hold the FreeNAS software.

Dr. Frankenstein

Now its time to preform the operation. First open up your subject and install the hard drives according to the manufactures specifications. If you are adding or using a controller card, make sure to read up on installing it as well. Drive and cards usually come with screws and mounting brackets. They also come with CD-ROMs chock full of...well, nothing we need, so toss em aside. Once you have the drives in place, close up the patient.

This is a bit like a brain transplant, feel like Dr. Frakenstein yet? This is just like our article on IPcop, once you load in the FreeNAS CD and reboot, it will format your hard drive. That means everything on it goes bye-bye! If you are going to use an older PC of your own, make sure to get any of those old tax returns off before you do this, you ain't getting em back.

Once the system boots you'll get a simple text menu:

First we need to actually install the software, so select option 7

Like we alluded to, we prefer a USB install. It means you can use all the drives in your system for the RAID array. Remember, if you install on a hard drive, that drive cannot be part of the RAID. The downside is that not all computers are capable of booting from a USB key. You may need to play with your BIOS settings to make that work. You know when you first boot up there is a message bout pressing F2 or DEL or some other key for settings? Take a peak in there and see if you see an option for boot devices. If all else fails, grab a small hard drive to use outside of your RAID array.

At this menu you want to select option 1 - install onto HD, CF or USB key. The install is going to ask for the name of your CD-ROM drive, just use what it has in the menu above. Its probably acd0 for most systems. The next question asks for the USB drive, check the list of what it offers and find the device that corresponds to your USB drive, ours was da0. After the software is copied and installed, remove the CD and reboot.

After the system reboots you'll see the setup menu again:

This time, we are going to chose option 1 for the Interface setup. Again we want to go with what the system shows us in the menu.
In our case the installer has identified the network card as de0 so enter de0 for the LAN interface name. Once you are done, the system will prompt for a reboot.

This time, from the main menu we are going to set up the IP address for the system. So select option #2

Since we are going to need to know the IP address of the server when we are done, DHCP is not an option. We need to manually assign an IP address. Make sure its one that is not being used by anything else on your network. If you are using IPcop and configured it according to our article, then anything below 100 should be safe. We chose 10.1.1.55 . Also, make sure to use an address within your subnet. That means if your computers all use 193.168.1."something" then FreeNAS needs to also start with 192.168.1... The system then asks you for the Subnet bit count, this is a fancy way of entering the subnet. Since most home routers, including IPcop, only use class C addressing, or 255.255.255.0, then entering 24 for the bit count should work for almost everyone. You should see this screen next:

Great news, that was our last step in the black and white wold of the installer!

To the Web!:
Now that we've installed the software and setup the networking pieces, we can do the rest from the web based gui. Using firefox, or any web browser, enter the IP address that you assigned.
You will get prompted for a username and password. The default username is: admin and the password is: freenas . You should get a screen that looks like this:

There is a lot going on on this page, so we are going to focus on the basics of getting the file server up and running.
Lets start in the DISKS menu. Click on Management.

From here, we can see a note that says we need to add the hard drives. Just click that little plus sign hanging out there on the right side of the screen.

There are a lot of options on this screen. We have chosen to keep the defaults, but you may want to investigate the power management or acoustic level settings. If you are creating a server that will be accessed infrequently it might be advantageous to conserve power. Similarly, if you are going to place the FreeNAS server in a room where you spend time, you might want to optimize the drive to run more quietly. Of course that also means the drive is going to run a bit more slowly, and that could cause issues with sharing music or DVDs. With your options set, click the ADD button. Oh, we didn't forget about the formatting menu, we'll come back to that! Repeat this process for each of the drives in your system.

That should bring you back to the main disks screen but this time you'll see your newly added disks. You should also see a note about applying the changes. If you are happy with your choices, click the apply button. Now, select the Format tab on that same screen. Again, keep the defaults and click Format. Remember, this is going to erase your drives!

FreeNAS will report the output of the formatting commands and let you know when it is complete. This time we are going to click on Mount Point from the left menu.
Again we want to click the little plus sign to create a new mount point. We are going to keep the defaults and give the mount point a name, we chose "music". Remember to save and then click the apply button.

Share the love
We are almost done with a very basic setup. Just a few more steps and you'll be sharing files left and right. There are several ways, or protocols, that we can use to share files and folders. The most common for windows and the mac is something called CIFS, you may also know it as SMB or just windows file sharing. Under Services on the left, select CIFS.

As usual we are going with mostly defaults. The options you do want to fill in are the NetBiosName and Workgroup. For the NetBiosName give your FreeNAS server a name, anything you like. For the workgroup you want to use the same setting that you use for the rest of your computers. If you've never heard of that setting or have never changed it, then just enter "workgroup". You'll notice that we used our own internal domain name. We also entered the address of a WINS server on our network. If you don't have a WINS server, and lets face it you probably don't, then just leave that blank. Click save when you are done.

Take it for a spin - thats hard drive humor
WOW! Once again we've managed to burn about 2 hours of your time and you may not even be sure why at this point. Well its time to test the system and see how we did.

Windows:
There are a few ways to access shared drives in wndows. The most user friendly way is by going through My Network Places. However, My Network Places in windows requires a WINS server to really work correctly. Microsoft knows that most people don't have WINS servers at home, thats why they built a mini WINS server into each copy of windows. The problem is that is just doesn't work! So, we are going to teach you the super-geek way...hey you can use it to impress your friends.
First, click the start button, and click run.

That will cause the run dialogue box to appear. Once it does, we want to enter the IP address of the FreeNAS server proceeded by two backslashes, those the the ones right above the return or enter key.

Click OK and you should see a widow like this shortly:

Congrats! Check out your shared folder and enjoy! You can point your itunes or windows media player library there and share your music files all over the house!

If you want to make sure you always have the shared folder, you can "map" it as a network drive. Thats a little tricky so check back for part 2 where we'll cover that.

OS X
Like windows' my network places, OS X can browse the network graphically, but its also a little rocky. We are going to follow a similar approach for mounting the drive in OS X.
In the Finder click the GO menu and select Connect To Server...

Here we are going to start with cifs:// followed by the IP of the FreeNAS server. We've also included the name of the share which will take me right into the Music folder.
Click Connect and you'll be rewarded with your new shared folder.

Oh, and those other entries in the Favorite Servers section, see how they use a name and not an IP? Thats all part of Part 2, so come back soon! We'll also show you how to make sure the share is available every time you start up.

So, pat yourselves on the back and take pride knowing you've pimped your pad yet again!

What's Next?

In part 2 we are going to look at:
RAID
Adding multiple shared folders
auto-mounting the shares
Sharing media files such as music and videos
Adding security to the shares
and much much more!

Like this article? Digg It!

Yo, Check It - Announcing the Technopimpin' Forums

info@archatechs.com — 2006-08-02T16:29:55-04:00

While you are waiting you get your hands on our next juicy bit of geekness why not check out our new forum!
Technopimpin, our forum, is a great place to swap some of your own home technology stories as well as get some help along the way. So, sign-up, log in and spread the word!

Pimpin Ain't Easy Part 3 - locking down that pimped pad

info@archatechs.com — 2006-07-05T15:29:23-04:00

Editors Notes:
We've been on a bit of a break, but thanks to some encouragement from Ultimateone and a few others we are ready to push Part 3 of pimpin' out the door to you. This one is a little light on whit and a tad dry. Check back, we'll keep re-working this article as we have time.

After a little summer hiatus we are back and ready to roll on the 3rd and final post in this series. If you followed Pimpin' Part 1 and Part 2 then you are well on your way to a home network that would make any nerd proud. Last time around we talked about using an old PC and IPcop to build your own router and firewall. In part 3 we are going to go into some details on customizing IPcop as well as our take on WiFi networking. So grab a mountain dew and your copy of the matrix because this is going to be another geeked out venture deep into the world of nerdom. Like always, drop us a line or leave a comment if you have any questions.

At a recent dinner party- yeah even the boys in the lab get out, sometimes- we overheard a conversation about MySpace and how the internet is dangerous for children. While none of us in the Archatechs corporation claim to be parenting experts, a true nerd knows there is safety in numbers (specifically 1 and 0). One way to keep children safe is to regulate what they can and cannot access on the internet. Most schools- at least those with net access- are already applying this 'content filtering' to make sure even innocent web search don't trigger an adult-orented advertisement or worse. Think of content filtering like the child lock on the liquor cabinet or the parental controls on your TV. Perhaps you are just tired of ads or pop-up sites, no one said you have to do this for the kids only. Another useful trick is to control access to selected services based on time or day. Want to make sure Junior isn't on myspace or using instant message during homework hours? Just turn on a rule on IPcop.

The other area we promised to cover this week is setting up security for your wifi network. Since your wifi signal may very well extend past your front door and out into the street, it makes your network an open target. Really there are two threats: A) someone accesses your data B) someone uses your connection to do something malicious. While both come some of other nasty side effects (like slowing down your connection) really you have to decide if you are concerned by either or both threats. Frankly, even though its our policy to enforce security, we have had some discussions with people who are just not convinced. We've heard "Oh, I dont have any data I'm worried about" or "why would someone hack my connection with a password, when there is an open connection from my neighbor". Don't worry, we'll scare you into following our security logic, keep reading!

Before we can talk about filters and wifi and tcp and udp and any other TLA (three letter acronym) we have to lay some ground work. One of the King Nerds out there has got to be Steve Gibson of GRC.com. Steve hosts a security related podcast with ex-TechTV host Leo Laporte. Steve has had some great discussions about how home networks, routers and the internet, in general, works. We suggest episodes 25-27 and 42 of Security Now. We like to think of internet routing in terms like the postal service. In part 2 we mentioned that each router is like your local post office. Think about mailing a letter from Washington DC to San Francisco. When the local postman in Washington picks up your letter and sees the destination is 1234 Main St in San Francisco he probably doesn't personally know how to personally get the letter all the way to San Francisco. So, he takes the letter back to the post office which knows how to get it to the post office in San Francisco. That San Francisco post office gives it to a post man who knows just were 1234 Main St is. Here's where it gets fun. Lets say 1234 Main St in San Francisco is a business with 4 people working inside. If you want the letter to reach a specific resident then you have to address it to them. The postman doesn't know who any of the people inside are, thats the job of the person in the mail room. The internet works pretty much the same way. Your Internet provider (ISP) gives you one public IP address. That's like your street address for the internet. But what happens when traffic needs to reach a specific computer with in your house. Thats where the router works its magic. It allows you to share that one public address with many computers. Now you are asking, right but how is that a firewall. Well, perhaps that is a term that is frequently misused, but we won't get into that right now. What we do need to discuss is the geeky magic that is NAT- or network address translation. When you enter www.google.com on the kitchen computer the router makes a tiny little note "ok, if any traffic from google comes back, I need to make sure the kitchen computer gets it". Then someone in the office trys to go to www.bbcnews.com and the router makes another little note. All of the sudden traffic from a hacker just appears at the routers door. The router checks all its little notes and says "hey, no body requested this traffic, I'm just going to totally ignore it!". That's how NAT router protect you. By literally dropping unsolicited packets you are guaranteed to get only the stuff from the internet that you requested. Its been demonstrated that a if you put a Windows XP computer right out onto the internet with no protection that it will become compromised with spyware and viruses with in seven to 15 minutes! Putting a simple NAT router (like our IPcop boxes) in front of your network will keep your computers safe from most threats.

Ok, but what if you actually want the outside world to have access to one of your computers. For instance, you are planning on building a Trixbox server for VoIP, but in the mean time you are using Skype. Well, if your router is blocking unsolicited traffic and a call comes in, then the router is going to drop the packets before they ever make it to your computer. (For the alpha nerds out there who are shouting 'but what about skype's ability to traverse NAT routers!' we hear you, just go with it as an example) In instances like VoIP, or some games, it may be necessary to allow traffic from the internet that you didn't specifically request. Since we know putting a Windows computer unprotected on the net for even a little while is risky then how can we expose only a tiny portion of that computer? Ports. Think of ports like windows in the house. You wouldn't want to leave your front door wide open, but it may be ok to allow some fresh air in through a window. Ports are your computers way of doing the same thing. For instance, to view this web page you are talking to our servers on port 80. In order to bring you this pimptastic content we don't have to let our servers hang out in the net unprotected, we just open up port 80 and keep everything else battened down. Got the general idea? Lets say you want to access your home Windows XP pro computer from anywhere on the internet? Just enable remote desktop (right click on my computer, click on properties and then click on the remote tab) and open port 3899 on your router.

In IPcop you access the port forwarding section from the firewall menu. Just select Port Forwarding.

Pasted Graphic
One of the reasons we like IPcop over the traditional consumer routers is its ability to preform 'stateful packet inspection'. That means you can pick and chose who on the public internet you want to open ports for. Its not the most secure idea to open access to XP's remote desktop to the entire world. However, if you know your IP address or range (ask your IT guy) then you can allow access to remote desktop only from your work computer and not anywhere else on the internet.

But we promised you an article on content filtering a WiFi and here we are rambling about ports. If you want to know more about some common ports (or need to determine what ports to open) check out PortForward. You may also want to do a few google searches before you open a port. If it is one that is known to be a security hazard then you might want to consider an another plan. For instance, ports 138 and 139 deal with windows file sharing. Its probably not a good idea to open your hard drive to the entire world. Also, security experts are ardent that changing a services default port is always smart. In that regard you may want to be able to access your Mac via VNC remote control. VNC normally operates on port 5900, but we'd recommend picking something random like 8764. Normally that would take a trick or two in the configuration on the VNC server. However with IPcop you can specify a source port of 8764 and a destination port of 5900. That means you can contact your Mac via 8764 on the internet and never have to change the default settings on the Mac itself.

Show me the good stuff (only)

We had the boys in the lab check out several of the filters that are available for IPcop and give us their opinion. While they liked bits and pieces of each, there just wasn't a solitary solution that fit the bill for everything we wanted... but there are two add-ons that combined make a great content filter. URL Filter and Advanced Proxy by Marco Sondermann make a dynamite combination. Advanced Proxy builds on the Squidguard proxy already present in IPcop and puts some advanced features at your fingertips. With advanced proxy you can specify which computers are filtered and which ones have unfettered access. You can restrict access times, types of traffic and more. URL filter adds even more functionality by allowing you to block content by types. Simply put a check box next to "drugs" and IPcop will do its best to block access to sites relating to drug use or sales. One of the nice things about URL filter is the ability to block sites at certain times. Just enter oscar.aol.com from 3pm - 5pm and you've blocked AOL Instant Messanger during prime homework time. Installing both AdvProxy and URL filter takes a little work under the hood, but we are here to guide you through it.

First, download both URL Filter and AdProxy from the links above. Getting the files over to your IPcop box requires the use of SFTP, or secure File Transfer Protocol. On windows we like to use WinSCP. While OS X has sftp built in to the command line tools, for a nice pretty graphical interface we go with Fugu. Fire up either WinSCP or Fugu and enter the address of the green network card in your IPcop box. Its the same address you use to access the web interface, probably 10.1.1.1 if you followed out lead. Normally SFTP works on port 22 (like SSH) but in the name of security IPcop uses port 222, so make sure you change that in the appropriate place in your client. For the username, we are going to use the root account- you do remember the password from the install, right? Once you've logged in you can drag and drop the files from your computer to IPcop. We like to put everything in the root directory, /root/ . Once you have everything copied over, its time to get into the command line. We are going to interact with IPcop via SSH. If you are using a Mac, just open up the terminal (Applications-->Utilities--> Terminal). On windows you can snag a free copy of Putty. Again we are going to log in as root and we have to change the port to 222. In putty you'll see a place for the port. On a Mac the command looks like this: ssh -p 222 root@10.1.1.1 . Make sure you use the appropriate address if its not 10.1.1.1 . Once you are logged in you should find yourself in the root directory, if not just type cd ~ then press enter. Those two files we copied, ipcop-advproxy and ipcop-urlfilter should be present. You can check by typing ls then enter.

Now we have to extract the files. In linux tar/gz files are like zip files, they are compressed and contain many files inside. Here are the commands to extract the two files. Just copy and paste and press enter/return after each one. Also, you may need to change the version number depending on which version you've downloaded.

tar -xzf ipcop-urlfilter-1.7.1.tar.gz
tar -xfz ipcop-advproxy-1.2.2.tar.gz

To install the proxy server, just copy and paste this command followed by enter/return.
./ipcop-advproxy/install
note the leading period, its crucial! After a few seconds you'll get a message that the installer has finished, time for the URL filter.
./ipcop-urlfilter/install
Again, pay attention to that leading period.

Assuming you didn't get any errors, then you should be good to go. Open a web browser point it at your IPcop box (probably https://10.1.1.1:445). You should have two new options in the services menu: Advanced Proxy and URL Filter.

First, lets check out Advanced Proxy.
A proxy works by sitting on the edge of your network and relaying requests for websites. That means that your computer sends a request for www.google.com, the proxy server intercepts the request and makes its own. The proxy server then retrieves google's page and relays it back to the your computer. The end result is that your computer talks to the proxy server and the proxy server talks to internet for you. So why all the bother? Well one reason is exactly what we are after. The proxy server can filter offensive or unwanted content. Believe it or not, a proxy server can also speed up surfing. Since the server will cache, or store some of the graphics and information, it can help load pages faster. Oh, by the way, cache is pronounced like cash...just a pet-peve that we harbor around the Archatechs world headquarters. In order to take advantage of the proxy you have to enable it. If you are running a blue network for unprotected wifi clients then you'll see two options: proxy for green or proxy for blue. If you only have a green network, then you'll just set the one set of settings. Make sure to check all of the boxes. We want to enable the proxy on both networks (we'll talk about some special blue tricks) and make it transparent. Transparency means you don't have to configure anything on your computers or web browsers.

If your ISP requires you to use their proxy as well, you can fill that information into the next part of the screen - upstream proxy. Similarly, if you are using a service such as proxify you can fill in their proxy information here as well.

Cache management depends on your IPcop hardware. But if you are using something with more than 256mb of memory and more than 2gb of hard drive space then feel free to crank the numbers up. Memory cache is how much of the RAM (or memory) the proxy server will use. Remember RAM is always faster than hard drive storage, so throwing a little more RAM at the proxy server will help- especially if you have a lot of bandwidth. We like at least 250 - 500 mb of hard drive cache. Think about the cache like this: the proxy server goes to google and says "hey, I have this copy of your logo that is a week old, is there a newer version? No, ok, I'll use my copy, don't send me a new one". Thats where that little speed advantage can come into play. Believe it or not, that little exchange is often faster than just requesting a new version of the graphic logo file outright.

Restricted Air Space
The next section, Network Based Access Control, allows you to specify specific computers which have totally unfettered (or blocked) access. For instance, if you want to make sure the computer in your home office is never filtered (the proxy doesn't apply) then you can add it's IP to the unrestricted IP address section. Similarly, if you have a device that you never want to access the internet, place its IP in the banned range.
The next section also deals with restrictions. Adding time restrictions allows you to effectively turn off the internet for your entire network. Since you'll probably want to do that on a per-computer basis, we are going to revisit that with the URL Filter. The download throttling can be especially useful. If you've set up a blue network with an unprotected WiFi access point, then you can provide free internet access for neighbors and guests. Thats a very magnanimous thing to do, and we encourage it (if your ISP and local laws allow it). However, of generosity only extends so far. Its no fun if someone is stealing all of your bandwidth. In other words, if the kid down the street is downloading movies all day and night on your connection, that doesn't leave much speed for you. Similarly, if someone with a computer infected with malware/spyware joins your blue network, they could unknowingly be used to attack other computers on the internet. Limiting how much traffic they can send and receive just makes sense. How much you limit each connection is up to you. On the green network it may not be necessary to limit connections at all. However, if someone in the house is a heavy user and you find speeds elsewhere to be unacceptable, then you can place limits on the green network as well.

Here we've limited the entire blue network to about one megabyte per second. We also limited each individual computer on the blue network to only one-half a megabyte each. That means the entire blue network cannot exceed 1 megabyte/second and each but each individual computer only gets one-half a megabyte. Since broadband is considered to start at 256kbs (or 1/4 megabyte / second) then we feel like that is ample for a guest.

The last few sections of the Advance proxy deal with advanced settings. To learn more, check out the documentation here. The authentication section will become interesting when we discuss the Fedora Directory Server- but thats another post coming soon.

URL Filter
Before we leave the advanced proxy, make sure to enable the URL Filter. Its towards the bottom

Now select URL Filter from the services menu in IPCop.
Right off the bat you can block entire categories of content for every computer on your network. Blocking ads for every computer may make sense, but you may not want to categorically deny everything to everyone- we'll get to that.

The custom black and white lists allow you to explicitly deny (black list) or permit (white list) sites or domains. For instance, you may want to block all mail sites but allow access to Google Mail. Simply place www.gmail.com in the white list box.

The custom express list requires knowledge of a computer language known as regular expressions, or 're'. So unless you are comfortable with 're' then skip down to Network based access control. This is just like the same fields on the Advanced Proxy. If you want to allow unrestricted access to a specific computer, list it here. This can be useful if you want to block entire categories but have one (or more) computer that is unaffected.

The Fun Part - or how to be Big Brother
Depending on how you feel about restricting access, this is either the fun part or the part that makes you Big Brother. Click the time constrtin button in the middle of the page. You'll get this window:

This is where you can block specific sites during specific times. If you wanted to block access to AOL's Instant Messenger then you'd add oscar.aol.com to the source host. Next fill out the times you want to block and click add. You can also block or allow entire categories this way.

Where to go next
Thats the basics of URL Filter. If you want to get in deeper, check out the documentation here. For the truly paranoid (or to awaken the control freak in us all), check out BOT, or Block Out Traffic. Just make sure to read the docs carefully. If you miss the crucial install step you won't be able to log into IPcop at all!

Did we say paranoid?
If you haven't noticed we are a little freakish on wifi security. We have these conversation all the time:

Archatech: "what kind of wifi security do you have?"Friend: "I don't need security, I don't have anything important to protect"

Or it goes like this

Family member: "we WEP, it works just fine (and its all TiVo supports)"Archatech: "you know WEP can be cracked in 10 minutes, right?"Family Member: "well yeah, but who is going to take the time to break mine when there is an open network next door?"

And then there is this one

Archatech: "Why don't you use security?"Co-worker: "I use MAC address filtering and I hide my SSID (wireless network name), thats safe enough"

A lot of you probably feel the same way; you've got nothing important or don't think anyone will bother breaking in. You might also be under the impression that hiding your network name or filtering MAC addresses is security. You'd be wrong on all counts.

WiFi security is about two things. Protecting your network from outsiders and encrypting your traffic. Lets tackle the first one for starters.
Close your boarders
With a wired network, someone has to physically have access to a CAT5 port to gain access. If you doors and windows are locked, its pretty tricky to plug in. With a wireless network all of the sudden your network extends past your doors and out into the street. Its pretty hard to control invisible radio waves. What we can do is make sure passer-bys cannot use those waves. MAC filtering and SSID hiding are ways, albeit poor ones, to help keep others off your network. Every networking device in the world has a unique serial number called a MAC address. No two devices (network cards, wireless cards, bluetooth devices, VoIP phones, xboxes, etc) have the same MAC. Almost all wireless access points (and even IPCop) allows you to maintain a list of "allowed" MAC addresses. If your MAC isn't on the list, you don't get access. Sounds like a good way to lock things down, right? Well besides the hassle of having to maintain that list on on each access point, its just broken. It turns out changing the MAC address, called spoofing, is pretty easy with some free software tools. There are even tools out there that discover valid MAC address on the wireless network and report to you which ones you can spoof to gain access.

The SSID is the name if your wireless network. When you hide the SSID windows will not give you that little pop-up that says its found a network. You'd have to know the network name to join it. Well, almost any wifi "sniffer" tool will thwart that and find hidden SSIDs.

Even if you don't have important data on your computer you have some things to protect. First your computers themselves. Hackers would love to get remote control of your system and use it for malicious hacks. One of the most common is called a DDOS, or distributed denial of service. Hackers commandeer an army of computers (which they have hacked for remote access) from all over the net. Then they make all of those computers point to one web site or server. The overwhelming amount of traffic, from around the world, basically shuts the site or server down. The other thing you want to protect is your bandwidth. Remember setting that traffic limit on the blue network? Well if someone compromises your green network then you could suddenly find all of your bandwidth is being used by someone else!

Pimp your signal
The other real problem with using MAC filtering or SSID hiding is that they still do nothing to protect your traffic. The other part of wifi security is encryption. With out strong encryption you are not only extending your network outside of your doors and into the street, your broadcasting everything your do. Every email you send will be out there floating around the air for anyone to see (or 'sniff'). When you employ strong protection your traffic becomes encrypted, meaning everything between your computer and your wireless access point is unreadable- by anyone!

Where WEP failed...
Early wireless access points used something called WEP to protect access and encrypt traffic. The basic flaw is that they transmitted the "key" over and over. So someone could "sniff" the airwaves and observe enough messages between your computer and the access point to figure out the encryption. This gets a little tricky, but its based on something called a "one time pad". For more information, listen to episodes 10 and 11 of Security Now. You can also read transcripts here.
Here is what you need to know about WEP, it can be cracked in 10 minutes by a kid with a laptop. Once its cracked, everything you do can be observed and your systems are all exposed and at risk. With strong encryption in place you rest assured that no one can read your traffic, even other users on the same wireless network.

WPA Succeeded
The next generation of wifi security is called WPA and it fixed the loophole in WEP. Basically, no two keys are ever used more than once, so no matter how much of your traffic someone captures, they'd never be able to ascertain the key to unscramble it. There is a known vulnerability though. (queue scary music) When you use a short password or, even worse, a common dictionary word, as your password you can be at risk. Someone could capture a block of your traffic and attempt a "brute force" attack where they try and unlock the block of traffic by trying every word in the dictionary. For short, but random, passwords they can even attempt every combination of letters and numbers. The good news is that even with modern processors, this takes time. Someone would have to really want in badly....never underestimate those kids with laptops though!

The solution is to use the longest, most random password your access point will support. We like Steve Gibson's password generator, but you can download or use any one you like. GRC's password generator includes some notes on how its written and we trust it. If you download a password tool make sure you know how it works and that you trust it. When using any tool, its a good idea to mix several passwords. Most routers allow a max of 64 characters. You can take 32 random characters from GRC's page and then reload the page and take another 32. You can even mix and match sections of 8 or 16. That way you know your password is truly unique.

Once you have the password, simply paste it into every wireless access point you want to protect and enable WPA or WPA2 (WPA2 is newer and may not be supported on all hardware).

What's the Key?
So, you've' got this super long random password, how do you get it on each computer that needs to connect? Grab a $15 128mb USB key. Paste the key into a text file (we like plain text rather than MS Word) and put that file on the key. When ever you need to add a computer to your WiFi network, simply plug in the key and copy and paste where needed. Make sure to keep that key safe! One trick may be to copy several passwords, each 64 characters long into the text file. Lets say you paste 5 different passwords into the text file, you know that the 3rd one is the valid one. You could even copy and paste from the first 32 characters of two different lines. Hey, we said paranoid, right?

And I've gone crosseyed...
Got the big picture? With properly secured access points on your green network, you can sleep safely knowing that your wifi is as secure as your wired network. With an open access point on your blue network you can allow guests and use devices (like TiVo) that do not support WPA encryption, all while knowing devices on the blue network cannot talk to the green network (unless you open ports in IPcop). Its the best of both worlds: secure private wireless and a open but cordoned off public network. If you need to grant access to the private network, just whip out the USB key with your super long and random password and you are good to go. Hopefully you also have an understanding of how your IPcop router uses NAT technology to keep the bad guys out. With a few simple add-ons you can even custom tailor the access that each computer and yours in your house has to content on the web.

Coming Soon to Archatechs

Archatechs Call to Action - Net Neutrality: some politicians and big business want to charge you extra for the internet depending on what you want to do (like VoIP). ITs time to tell congress what you think.

One password to rule them all - Fedora Directory Server and single-sign-on

Storage for everyone - FreeNAS and online storage